Implement Strict Transport Security (HSTS) #29

Closed
carterm opened this issue Dec 11, 2019 · 1 comment

carterm commented Dec 11, 2019

Describe the bug
We should implement Strict Transport Security (HSTS) in order to prevent man-in-the-middle attacks where people specifying the HTTP address can be redirected to a malicious site.

More information here...
https://hstspreload.org/

To Reproduce

  1. Open Chrome Developer Tools -> Network
  2. In Chrome Browse to "http://alpha.ca.gov" (not HTTPS)
    First value for "alpha.ca.gov" shows the following

Request URL: http://alpha.ca.gov/
Request Method: GET
Status Code: 301 Moved Permanently (from disk cache)
Location: https://alpha.ca.gov/

Expected behavior
The browser should automatically go to the HTTPS site without triggering a redirect.

related to...
#13

@carterm carterm added Operations Operations Track Tech Alpha. Technology and Development Track labels Dec 11, 2019
@carterm carterm self-assigned this Dec 11, 2019

carterm commented Dec 11, 2019

Deployed...New result

Request URL: http://alpha.ca.gov/
Request Method: GET
Status Code: 307 Internal Redirect
Location: https://alpha.ca.gov/
Non-Authoritative-Reason: HSTS

@carterm carterm closed this as completed Dec 11, 2019
@carterm carterm added this to the Sprint 1 milestone Dec 11, 2019
@carterm carterm added this to Done in Alpha.CA.gov Dec 11, 2019
carterm added a commit that referenced this issue Dec 11, 2019
@abquirarte abquirarte moved this from Done to CLOSED- "done done" in Alpha.CA.gov Dec 16, 2019